chore: Fix password mismatch error handling in UpdateSecuritySettings…

… function
COS301-SE-2024 · Jul 21, 2024 · 25e245d · 25e245d
1 parent abc9613
commit 25e245d
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/occupi-backend/pkg/handlers/api_handlers.go b/occupi-backend/pkg/handlers/api_handlers.go
@@ -514,10 +514,22 @@ func UpdateSecuritySettings(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	// check if the password match
+	if securitySettings.NewPassword != "" && securitySettings.NewPassword != securitySettings.NewPasswordConfirm {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"New password and new password confirm do not match",
+			nil))
+		return
+	}
+
 	// Validate the given passwords if they exist
 	if securitySettings.CurrentPassword != "" && securitySettings.NewPassword != "" && securitySettings.NewPasswordConfirm != "" {
 		securitySetting, err := SanitizeSecuritySettingsPassword(ctx, appsession, securitySettings)
 		if err != nil {
+			logrus.Error("Failed to sanitize security settings because: ", err)
 			return
 		}
 

diff --git a/occupi-backend/pkg/handlers/auth_helpers.go b/occupi-backend/pkg/handlers/auth_helpers.go
@@ -383,12 +383,14 @@ func SanitizeSecuritySettingsPassword(ctx *gin.Context, appsession *models.AppSe
 	password, err := database.GetPassword(ctx, appsession, securitySettings.Email)
 
 	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return models.SecuritySettingsRequest{}, err
 	}
 
 	match, err := utils.CompareArgon2IDHash(securitySettings.CurrentPassword, password)
 
 	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return models.SecuritySettingsRequest{}, err
 	}